If you’ve followed us and our blog this year, you’ve read various posts from Yubico experts sharing their insights and expertise on the latest trends impacting cybersecurity around the world. We strive to post content that is insightful to not just our customers, but the businesses and individuals that are looking for information and actionable takeaways that can help them become truly cyber resilient in this digital world. This has always been Yubico’s mission – to make the Internet safer for all – and that mission extends beyond providing YubiKeys for protecting digital identities online.
As we look back at 2025, it was certainly a year of surprising developments – but at the same time, a lot of what happened is what we anticipated. In last year’s predictions posts, we detailed expectations around key trends including passkeys, AI and government regulations – and many of those ‘predictions’ or expectations unfolded (or at least started the groundwork for the future).
To tap into those authentication trends from a global lens, we commission an invaluable global survey annually – and 2025’s findings were the most telling yet. Polling 18,000 employed adults across nine countries, the survey revealed notable gaps between the perception of security and the reality of modern vulnerabilities – highlighting differences in how various countries are navigating a new cyber landscape stemming from unique regional challenges. On a global snapshot, 70% believe phishing attempts have become more successful due to the use of AI – but a surprising 29% still don’t have MFA set up for their personal email accounts.
The variance of habits and perceptions is what we found the most interesting; cybersecurity truly is a global, human issue at its core – but how we achieve cyber resilience and phishing-resistance looks differently no matter where you live. Yes, we’ve continued to see Generative and Agentic AI continue to amplify the rise in phishing attacks globally. But facing these known threats, we also continued seeing the same habits unfold – that is, using insecure forms of authentication and even passwords at an astoundingly high rate. Bridging that gap is what Yubico’s Christopher Harrell believes will be critical for security leaders to prioritize and raise the security bar in 2026.
With a big year ahead, our experts sat down to share their thoughts and takeaways on the past year, as well as what we expect to unfold this year. We’d love to hear your thoughts on these, and are here to answer any questions you have. Don’t hesitate to reach out to our team to talk phishing-resistance any time!
Preparing for a post quantum future: Christopher Harrell, Chief Technology Strategy Officer
As we look ahead to the future of authentication and identity, 2026 will be a pivotal year as the industry intensifies its focus on the standardization work required to make post-quantum cryptography (PQC) viable at scale as we near a post-quantum future. This effort spans passkeys, traditional Smart Cards, and other specifications for encryption, signing, digital identity, and beyond.
Organizations must begin planning for this transition now, and the first step is establishing a clear cryptographic bill of materials (CBOM). Many existing solutions lack support for emerging PQC algorithms, making it critical to identify early which platforms will require updates and which vendors will need to be engaged.
Yubico has already demonstrated that newly standardized PQC algorithms such as ML-DSA can run on embedded secure hardware like that used in YubiKeys. However, completing the story will require close collaboration across the industry and with standards bodies to evolve underlying protocols including the FIDO PIN protocol and attestation, PIV and OpenPGP algorithms, and related specifications to address the unique characteristics and requirements of PQC.
Ultimately, the adoption of post-quantum cryptography will be an evolution rather than a sudden transition. Our goal is to ensure digital identities remain secure against future quantum threats without sacrificing the usability and trust that have comprised our foundation from the start.
The next generation of digital identity wallets: Stina Ehrensvard, Founder
2025 saw the rise of non-human identities, which now threatens our concept of what is true and false on the internet. With the increasing use of AI, bad actors with political and financial interests are stealing, misusing, and fabricating identities at scale more quickly and effortlessly than ever before. As more fake identities and bots influence internet users globally, in 2026 our democratic society will come to a crossroads of how to effectively combat these threats.
The proven, most effective solution to combat stolen and fake identities is the use of verifiable credentials – specifically, strong authentication combined with digital identity verification. The good news is countries around the world are taking action, with the EU moving forward with a bold plan over the next year: By late December 2026, each Member State must make at least one EUDI wallet available.
Of all the solutions developed in the EU DI Wallet Large scale Pilot Programs, the wwWallet has emerged as a leader and the most tested and interoperable. The wwWallet is a web-based open source project, created by Yubico in collaboration with European research organisations. By building the solution on passkeys, including device-bound in YubiKeys, it uniquely combines the highest level of security and privacy with ease of use across all devices and platforms – a key feature that digital wallets will need to ensure true phishing-resistance.
After being selected as one of the winners of Germany’s SPRIND digital identity innovation competition, the wwWallet will be rolled out in 2026 for a wide range of pilots, including with Sweden, Singapore, France and Canada, one thousand journalists, and leading tech organizations. In 2026 I predict that these pilots will lay the foundation for the next generation of digital identity for everyone, and I expect many other countries and governments to follow this model and prioritize implementing – and securing – digital identity wallets.
Navigating an AI overload: Chad Thunberg, CISO
As I reflect and think about the biggest trends impacting the world today, naturally, AI comes to mind – but more so that I (among many other peers) are burnt out by the discussion around AI. The use of generative AI in recent years to rapidly create content has flooded all corners of the Internet without a commensurate amount of ‘useful’ content, leading to a feeling of lopsidedness. As a result, the Internet has been filled with misinformation (accidental and purposeful), scams, and a variety of get-rich-quick schemes much more rapidly than in the past. As AI has greatly helped lower the bar for bad actors to execute cyber attacks, this has led to a massive increase in sophisticated social engineering and AI-driven phishing threats.
AI’s usefulness has rapidly improved over the years, and I anticipate that it will eventually help the general public in a meaningful way. In 2026, the cybersecurity industry should focus more efforts globally on accelerating the adoption of digital content transparency and authenticity standards to help everyone discern fact from fiction and continue the phishing-resistant MFA journey to minimize some of the impact of scams. I expect that more cybersecurity leaders and organizations will feel the same in 2026, and in the meantime, will focus on identifying the types of cybersecurity threats and associated countermeasures that will be most prevalent next year – including identity-based attacks.
The digital identity shift to enterprise: Derek Hanson, Field CTO
In 2026, there will be a pivotal shift in the digital identity landscape as the industry moves beyond a narrow, consumer-centric focus to one focused on the enterprise. While the public conversation around digital identities has historically centered on consumer-facing scenarios like age verification, the coming year will bring a realization that robust digital identity truly belongs in the heart of businesses. Organizations will begin to internalize conversations about digital identity wallets and recognize them not just as consumer novelties, but as essential tools to address deep-rooted challenges in scale and efficiency for user access and business-to-business trust.
At Yubico, we see this evolution as the foundation of modern security and the most effective way to address emerging threats such as AI-generated misinformation. By extending trust beyond those under an organization’s direct control – such as the hundreds of thousands of vendors and external partners that comprise a global supply chain – enterprises can finally enforce the high-assurance verification required for secure, high-stakes interactions. In 2026, I believe digital identity will transform from a cutting-edge feature into the fundamental cornerstone of the enterprise – enabling a future where every digital interaction is both seamless and verifiable.
Ai’s impact on Global System Integrators (GSIs): Sheryl Chamberlain, SVP, Business Development
As Global System Integrators (GSIs) continue navigating the complex Identity and Access Management (IAM) landscape this year, I expect them to embrace the immense benefits of AI by integrating AI into their offerings to deliver more robust solutions and greater value to clients. By incorporating AI, GSIs can help clients achieve better outcomes, reduce risk, and lower overall costs across consulting fees and overall technology spend.
Integrating conversational interfaces through Agentic AI, such as natural language chatbots, also enables routine IAM tasks to be greatly simplified. For instance, a chatbot could manage the entire application onboarding process for new teams or recently acquired companies. This automation accelerates operations, reduces the burden on IT staff by handling routine tasks, and significantly improves the end-user experience. However, it’s important to understand that security challenges naturally arise – making it difficult to tell the difference between an authorized admin or a malicious actor using stolen credentials. The job of trust and verification still belongs to authentication, and more importantly, to the human behind the authentication using phishing resistant standards like device-bound passkeys.
Beyond the operational benefits, AI tools offer crucial advantages in threat detection and monitoring by analyzing data quickly to identify anomalies and insider threats – a vital benefit for keeping critical infrastructure secure from malicious actors in today’s environment.
